Hey, yeah the problem with who can edit what is solved and works fine. The action is just usable for anyone who knows the correct url, and all other actions are blocked by the ACL unless you login into the system.
I don't know what this is, this makes no sense at all, as all other actions which have no parameters ore only one are secured and the one with 2 params is not controlled via ACL. I tested other function with 2 parameters in my app, and the same problem appears with them. For example: user/add => Access denied user/edit/5 => Access denied user/index => Access denied user/setStatus => Access denied user/setStatus/4 => anybody can see the view of that action user/setStatus/4/1 => anybody can see the view of that action in this example, edit only has ONE parameter, in fact the user ID. The action setStatus has 2 Parameters. This is really a weird problem... --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---